Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-2486

Wrong user name when sentry HMSFollower gets full snapshot from HMS at insecure mode

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: None
    • Component/s: Sentry
    • Labels:
      None

      Description

      In insecure mode, the current login user name is passed from Sentry to HMS server when sentry HMSFollower gets full snapshot from HMS.

      The user name should be "sentry" instead of current login user.

      The followiong code shows how current login user name is used when subject is null.

      In UserGroupInformation, if the context does not have subject, the getLoginUser() is used as user name

      @Public
      @Evolving
      public static UserGroupInformation getCurrentUser() throws IOException

      { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); return subject != null && !subject.getPrincipals(User.class).isEmpty() ? new UserGroupInformation(subject) : getLoginUser(); }

      This issue should not happen in production because secure mode is always used. Insecure mode is only used in test.

        Attachments

        1. SENTRY-2486.002.patch
          7 kB
          Na Li
        2. SENTRY-2486.001.patch
          8 kB
          Na Li
        3. SENTRY-2486.001.patch
          8 kB
          Na Li

          Issue Links

            Activity

              People

              • Assignee:
                LinaAtAustin Na Li
                Reporter:
                LinaAtAustin Na Li
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: